Abstract — Applications of cyber technologies improve the quality of
monitoring and decision making in the smart grid. These cyber
technologies are vulnerable to malicious attacks, and compromising them
can cause serious technical and economic problems. This paper specifies
the effect of compromising each measurement on the price of electricity,
so that the attacker is able to change the prices in the desired
direction (increasing or decreasing). Attacking and defending all
measurements are impossible for the attacker and defender, respectively.
This situation is modeled as a zero-sum game between the attacker and
defender. The game defines the proportion of times that the attacker and
defender like to attack and defend different measurements, respectively.
From the simulation results based on the PJM 5-Bus test system, we can
show the effectiveness and properties of the studied game.

I. Introduction 

Power systems are becoming more and more sophisticated in structure and
configuration because of the increase in electricity demand and the
limited energy resources. Traditional power grids are commonly used to
carry power from a few central generators to a large number of customers.
In contrast, the new generation of electricity grid, also known as the
smart grid, uses bidirectional flows of electricity and information to
deliver power in more efficient ways, responding to wide-ranging
conditions and events [1] (Fig. 1).

Online monitoring of smart grid is important for control 
centers in different decision making processes. State estima- 
tion (SE) is a key function in building real-time models of 
electricity networks in Energy Management Centers (EMCs)
[2]. State estimators provide precise and efficient observations
of operational constraints to identify the current operating state 
of the system in quantities such as transmission line loadings 
or bus voltage magnitudes. Accuracy of state estimation can 
be affected by bad data during the measuring process. Mea- 
surements may contain errors due to the various reasons such 
as random errors, incorrect topology information and injection 
of bad data by attackers. As more advanced cyber technologies are
integrated into the energy management system (EMS), cyber-attacks can
cause major technical problems such as blackouts in power
systems¹ [3], [4]. The attacks can also be designed for the
attacker's financial benefit at the expense of
the general consumer's net cost of electricity @, Q. 

1 The Aurora attack involves a cyber attack against breakers in a
generating unit. This experiment shows the ability of cyber attackers to
take control of breakers and, consequently, reveals the technical
problems this attack poses for the power grid [5].



In this paper, we consider the case wherein the attacker 
uses cyber attack against electricity prices. We show that the 
attacker observes the results of the day-ahead market and 
changes the estimated transmitted power in order to change 
the congestion² level, resulting in a profit. On the other
hand, the defender tries to defend the accuracy of network 
measurements. Since the attacker and defender are not able 
to attack and defend all measurements, they will compete 
to increase and decrease the injected false data, respectively. 
This behavior is modeled by a two-person zero-sum strategic 
game where the players try to find the Nash equilibrium and 
maximize their profits. The results of simulations on the PJM 
5-Bus test system show the effectiveness of attack on the prices 
of electricity on the real-time market. 

The remainder of this paper is organized as follows: The literature
survey is provided in Section II. The system model is given in Section
III, and the formulation of an undetectable attack in the electricity
market is given in Section IV. Section V models the interactions between
the attacker and defender as a zero-sum game. Numerical results are shown
in Section VI, and the conclusion closes the paper in Section VII.

II. Literature Review 

Due to the importance of smart grid studies, some surveys have
classified the different aspects of smart grids [10], [11], [12]. In
[10], the authors explore three major systems, namely the smart
infrastructure system, the smart management system, and the smart
protection system, and also propose possible future directions in each
system. In [11], a survey is designed to define a smart distribution
system as well as to study the implications of the smart grid initiative
on distribution engineering. In [12], relevant approaches are
investigated to give concrete recommendations for smart grid standards,
which try to identify standardization in the context of smart grids. The
National Institute of Standards and Technology (NIST), in [13], explains
anticipated benefits and requirements of the smart grid.

Some researches have been done over cyber security for 
smart grid 02), 02), 03, OS), 03, ED- In 03, an unde- 
tectable attack by bad data detectors (BDD) is first introduced, 

where the attacker knows the state estimation Jacobian matrix ($H$) and
defines an undetectable attack using this matrix. [16] uses independent
component analysis (ICA) and inserts an undetectable attack even when
this matrix is unknown to attackers. In [17], the authors discuss key
security technologies for a smart grid system, including public key
infrastructures and trusted computing. Reliable and secure state
estimation in the smart grid is analyzed from the point of view of the
communication capacity requirement in [18]. In [19], a new criterion of
reliable strategies for defending power systems is derived, and two
allocation algorithms have been developed to seek reliable strategies for
two types of defense tasks. [20] is a draft from NIST which addresses the
cyber security of the smart grid extensively. While most current research
(in the bad data injection area) focuses on different attack or defense
scenarios, our work describes a mutual interaction between both parties.
This work shows how the interest of one party (attacker or defender) can
influence the other's interest.

2 Power injected at a specific node of the power network is transferred
to different loads through transmission lines (following Kirchhoff's
law). In the power community we say congestion happens if increasing the
power injection increases the power of (at least one of) the transmission
lines to their (its) thermal limit.

Some applications of game theory in smart grids have been studied in
[21], [22], [23], [26]. In [21], the authors present a method for
evaluating a fully automated electric grid in real time and finding
potential problem areas or weak points within the electric grid by using
game theory. In [22], the authors propose a consumption scheduling
mechanism for home and neighborhood area load demand management in the
smart grid using integer linear programming (ILP) and game theory. [23]
is a survey of some game theory-based applications to solve different
problems in the smart grid. In [26], the authors model and analyze the
interactions between the retailer and electricity customers as a
four-stage Stackelberg game.

Demand-side management (DSM) is another topic in the smart grid which has
recently been considered by researchers. In [24], an intelligent
management system is designed based on the objective of orderly
consumption and demand-side management, under the circumstances of
China's smart grid construction. An Intelligent Metering/Trading/Billing
System (ITMBS) with its implementation on DSM is analyzed by [25]. [27]
is a study of an autonomous and distributed demand-side energy management
system among different users.

III. System Model 

In power systems, transmission lines are used to transfer 
generated power from generating units to consumers. Theo- 
retically, transmitted complex power between bus i and bus j 
depends on the voltage difference between these two buses, 
and it is also a function of impedance between these buses. In 
general, transmission lines have high reactance over resistance 
(i.e. X/R ratio), and one can approximate the impedance of a 
transmission line with its reactance. In DC power flow studies, 
it is assumed that the voltage phase difference between two 
buses is small and that the amplitudes of voltages in buses are 
near to unity. Transmitted power is approximated with a linear 
equation 
Fig. 1. Flow of energy and data between different parts of smart grids

where $\theta_i$ is the voltage phase angle in bus $i$, and $X_{ij}$ is
the reactance of the transmission line between bus $i$ and bus $j$. In
the state-estimation problem, the control center tries to estimate $n$
phase angles $\theta_i$ by observing $m$ real-time measurements. In power
flow studies, the voltage phase angle ($\theta_i$) of the reference bus
is fixed and known, and thus only $n - 1$ angles need to be estimated. We
define the state vector as $\theta = [\theta_1, \ldots, \theta_n]^T$. The
control center observes a vector $z$ for $m$ active power measurements.
These measurements can be either transmitted active power $P_{ij}$ from
bus $i$ to $j$, or injected active power to bus $i$
($P_i = \sum P_{ij}$). The observation can be described as follows:



$$z = P(\theta) + e, \tag{2}$$

where $z = [z_1, \ldots, z_m]^T$ is the vector of measured active power
in transmission lines, $P(\theta)$ is the nonlinear relation between
measurement $z$ and state $\theta$, $\theta$ is the vector of $n$ bus
phase angles $\theta_i$, and $e = [e_1, \ldots, e_m]^T$ is the Gaussian
measurement noise vector with covariance matrix $\Sigma_e$.
Define the Jacobian matrix $H \in \mathbb{R}^{m \times n}$ as

(3)

If the phase difference ($\theta_i - \theta_j$) in (1) is small, then the
linear approximation model of (2) can be described as:

$$z = H\theta + e. \tag{4}$$



The bad data can be injected into $z$ so as to influence the state
estimation of $\theta$. Next, we describe the current bad data injection
method used in state estimators of different electricity markets. Given
the power flow measurements $z$, the estimated state vector
$\hat{\theta}$ can be computed as:

$$\hat{\theta} = (H^T \Sigma_e^{-1} H)^{-1} H^T \Sigma_e^{-1} z = Mz, \tag{5}$$

where

$$M = (H^T \Sigma_e^{-1} H)^{-1} H^T \Sigma_e^{-1}. \tag{6}$$

Thus, the residue vector $r$ can be computed as the difference between
the measured quantity and the calculated value from the estimated state:

$$r = z - H\hat{\theta}. \tag{7}$$

Therefore, the expected value and the covariance of the residual are:

$$E(r) = 0 \quad \text{and} \quad \mathrm{cov}(r) = (I - M)\Sigma_e. \tag{8}$$

False data detection can be performed using a threshold test. The
hypothesis of not being attacked is accepted if

$$\max_i |r_i| < \gamma, \tag{9}$$

where $\gamma$ is the threshold and $r_i$ is the $i$-th component of $r$.
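The estimator (5), the residue (7) and the threshold test (9), worked on a constructed 3-bus DC model; this is an added example, not code from the paper. The matrix `H`, the threshold `GAMMA` and every reading are made-up values, and $\Sigma_e$ is assumed to be the identity. It shows which perturbations the residual test can see and how protecting one meter changes the outcome in this toy case.

```python
"""Added illustration: WLS state estimation (5)-(7) and the residual test (9)
on a constructed 3-bus DC model. All numbers are made up for the demo."""
from fractions import Fraction as Fr

# Constructed system: bus 1 is the reference (theta_1 = 0); the state is
# (theta_2, theta_3). Every line has reactance X = 1/10, so 1/X = 10.
# Measurements: z1 = P12, z2 = P13, z3 = P23, z4 = injection P2 = P21 + P23.
H = [[Fr(-10), Fr(0)],
     [Fr(0), Fr(-10)],
     [Fr(10), Fr(-10)],
     [Fr(20), Fr(-10)]]
X13 = Fr(1, 10)


def matvec(A, v):
    return [sum(a * x for a, x in zip(row, v)) for row in A]


def add(u, v):
    return [a + b for a, b in zip(u, v)]


def wls_gain(H):
    """M = (H^T H)^-1 H^T, i.e. equation (6) with Sigma_e = I and n = 2."""
    Ht = [list(col) for col in zip(*H)]
    g = [[sum(a * b for a, b in zip(r, c)) for c in Ht] for r in Ht]
    det = g[0][0] * g[1][1] - g[0][1] * g[1][0]
    g_inv = [[g[1][1] / det, -g[0][1] / det],
             [-g[1][0] / det, g[0][0] / det]]
    return [[sum(g_inv[i][k] * Ht[k][j] for k in range(2))
             for j in range(len(H))] for i in range(2)]


def residual(H, M, z):
    """r = z - H * theta_hat with theta_hat = M z (equations (5) and (7))."""
    return [zi - hi for zi, hi in zip(z, matvec(H, matvec(M, z)))]


def bdd_alarm(r, gamma):
    """Test (9): 'not attacked' is accepted only if max|r_i| < gamma."""
    return max(abs(x) for x in r) >= gamma


def flow_sensitivity_13(M):
    """Q^T for line 1-3, (M_1 - M_3)/X13; the reference-bus row M_1 is zero."""
    return [-m / X13 for m in M[1]]


M = wls_gain(H)
GAMMA = Fr(1, 50)                           # constructed detection threshold
Z0 = matvec(H, [Fr(-1, 50), Fr(-1, 20)])    # noise-free readings, chosen state

# Three constructed perturbations z_a added to Z0:
GROSS = [Fr(0), Fr(0), Fr(3, 10), Fr(0)]    # a single meter reads wrong
COHERENT = matvec(H, [Fr(0), Fr(-1, 100)])  # lies in the column space of H
PARTIAL = [Fr(0), Fr(0)] + COHERENT[2:]     # same, but z2 is protected

if __name__ == "__main__":
    q = flow_sensitivity_13(M)
    for name, za in (("gross", GROSS), ("coherent", COHERENT),
                     ("partial", PARTIAL)):
        r = residual(H, M, add(Z0, za))
        shift = sum(qi * zi for qi, zi in zip(q, za))
        print(f"{name:9s} max|r|={float(max(abs(x) for x in r)):.4f} "
              f"alarm={bdd_alarm(r, GAMMA)} dP13_hat={float(shift):+.4f}")
```

The coherent perturbation leaves the residue at zero, so the test (9) raises no alarm, while the same perturbation with one protected reading leaves a residue above the threshold.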

IV. Attack in electricity market 

A power network is typically a large and complicated system, which should
be operated without any interruption. Normal operation needs system-wide
monitoring of the states of the network at specific time intervals. Based
on the monitored values, corrective actions need to be taken. Any fault
in measurement data (because of measurement failures or cyber attack
against them) can change the decisions of the control center, which can
cause serious technical or economic problems in the network. In this
section, we first introduce the electricity market structure, and then,
from the attacker's point of view, we formulate an undetectable attack
that can change the prices of electricity.



A. Optimal Power Flow (OPF) and DCOPF

Security and optimality of power network operation are the most important
tasks in control centers, which can be achieved by efficient monitoring
and decision making. After deregulation of electric industries, different
services that can improve security and optimality of the network can be
traded in different markets. The energy market is one of these markets,
in which generation companies (GENCO's) and load serving entities (LSE's)
compete to generate and consume energy, respectively³. The control
center, knowing the submitted prices and network constraints, tries to
maximize social welfare for all participants. A well-known program for
solving this optimization is the Optimal Power Flow (OPF) program. The
linear form of optimal power flow is called DCOPF and is used to define
the price of electricity (called locational marginal prices or LMPs) in
both day-ahead and real-time markets. In the following subsections, the
formulation of DCOPF together with the general structure of day-ahead and
real-time markets is described.

3 In an electricity (energy) market, GENCO's submit their bids (for
generating electricity) to the market. In this case, higher prices will
decrease the chance of supplying electricity (selling electricity).
Similarly, LSE's submit their bids for consuming energy. In this case,
lower bids will decrease the chance of buying electricity. So competition
in both entities (GENCO's and LSE's) will increase the efficiency of the
electricity market.

B. DC Optimal Power Flow (DCOPF)

In general, the LMP can be split into three components including the
marginal energy price $LMP^{energy}$, marginal congestion price
$LMP_i^{cong}$, and marginal loss price $LMP_i^{loss}$ [31], [32], [33].
A common model of the LMP simulation is based on the DC model and Linear
Programming (LP), which can easily incorporate both marginal congestion
and marginal losses. The generic dispatch model can be written as

$N$: number of buses;
$C_i$: generation cost at bus $i$ in ($/MWh);
$G_i$: generation dispatch at bus $i$ in ($/MWh);
$D_i$: demand at bus $i$ in (MWh);
$GSF_{k-i}$: generation shift factor from bus $i$ to line $k$;
$P_k^{max}$: transmission limit of line $k$;
$G_i^{max}$: upper generation limit for generator $i$;
$G_i^{min}$: lower generation limit for generator $i$.



The general formulation of the LMP at bus $i$ can be written as follows:

$$LMP_i = LMP^{energy} + LMP_i^{cong} + LMP_i^{loss}, \tag{11}$$

$$LMP^{energy} = \lambda, \tag{12}$$

$$LMP_i^{cong} = \sum_{k=1}^{L} GSF_{k-i} \times \mu_k, \tag{13}$$

$$LMP_i^{loss} = \lambda \times (DF_i - 1), \tag{14}$$

where $L$ is the number of lines, $\lambda$ is the Lagrangian multiplier
of the equality constraint, $\mu_k$ is the Lagrangian multiplier of the
$k$-th transmission constraint, and $DF_i$ is the delivery factor at bus
$i$. If the optimization model in (10) ignores losses, we will have
$DF_i = 1$ and $LMP_i^{loss} = 0$ in (14). In this work, in order to
emphasize the main point to be presented, the loss price is ignored.

1) Day-Ahead Market: Based on the submitted bids (from generators and
loads) and predicted network conditions⁴, the control center runs the
DCOPF program. The output of this market specifies the dispatch schedule
for all generators and defines the Locational Marginal Price (LMP) in
each bus of the power network. Trading electricity in most electricity
markets, such as the PJM Interconnection, New York, and New England
markets, is based on the LMP method.

4 Such as the load level for the next day, which can be predicted by the
historical load data from the past years.

2) Real-Time Market: In this market the control center conducts the
following: 1- Gathers data from the measurements that are installed in
the physical layer (power network); 2- Estimates the states of the
network (online monitoring of the network); 3- Runs an incremental
dispatch model based on the state estimation results. The obtained LMPs
will be considered as the real-time price of electricity⁵. The real-time
(Ex-Post) model, which is used in Midwest ISO, PJM, and ISO-New England,
can be written as [34], [35]:

$$\sum_i GSF_{k-i} \times (\Delta G_i - \Delta D_i) \le 0, \quad k \in \{CL\},$$

$$\Delta G_i^{min} \le \Delta G_i \le \Delta G_i^{max}, \quad i \in \{QG\},$$

$$\Delta D_i^{min} \le \Delta D_i \le \Delta D_i^{max}, \quad i \in \{DL\},$$

where $C_i^{RT}$ is the generation cost at bus $i$ in ($/MWh)⁶,
$\Delta G_i$ is the change in the output of generator $i$, and
$\Delta D_i$ is the change in the demand of dispatchable load at bus $i$
in (MWh). $\Delta G_i^{max}$ and $\Delta G_i^{min}$ are the upper and
lower bounds for the change in the generation of each qualified generator
(QG)⁷. Similarly, $\Delta D_i^{max}$ and $\Delta D_i^{min}$ are the upper
and lower bounds for the change in the consumption of each dispatchable
load (DL). The second constraint shows that any change in the transmitted
power in congested lines (CL) should be a non-positive value.

Similar to the day-ahead market, the LMP in bus $i$ (without considering
the effect of losses) will be,

$$LMP_i^{RT} = \lambda + \sum_{k=1}^{L} GSF_{k-i} \times \mu_k, \tag{16}$$

where $L$ is the number of lines, $\lambda$ is the Lagrangian multiplier
of the equality constraint, and $\mu_k$ is the Lagrangian multiplier of
the $k$-th transmission constraint.



5 Dispatch schedule will be similar to the day-ahead market and major
changes of load will be covered by the Ancillary Services.

6 This price can be the same as day-ahead market or can be changed by
the generator in a specific time (i.e. 4P.M. - 6P.M. in PJM market).

7 All PJM generation units that are following PJM dispatch instructions
are eligible to participate in the real-time market (to set the real-time
LMP values); these generation units are called qualified generators.

C. Cyber Attack Against Electricity Prices

The real-time market uses the state estimator results, which show the
on-line state of the network. In order to transfer data to the state
estimator, the control center uses different communication channels such
as the power line communication channel. Using these channels increases
the risk of cyber attack. In other words, if an attacker can change the
measurement values⁸, the results of state estimation and consequently
the results of the real-time market will be affected. Changing
measurements' data without detection by BDD (which can bring financial
benefits) is the main goal of the attacker in this paper. In the previous
section, we described that the congestion in lines will change the price
of electricity in the network. Manipulating prices is a good incentive
for the attacker to compromise the measurements. In order to manipulate
the congestion level in a specific line, the attacker needs to define the
group of measurements that can increase or decrease the congestion, then
the attacker can insert false data into the measurements. Equation (1)
shows that any change in voltage angle can change the transmitted power
through the line. For example, any increase/decrease in
$\Delta\theta = (\theta_i - \theta_j)$ will increase/decrease the
transmitted power. In online monitoring of power systems, the transmitted
power from bus $i$ to bus $j$ can be estimated with
$\hat{P}_{ij} = (\hat{\theta}_i - \hat{\theta}_j)/X_{ij}$, and this
equation together with equation (5) gives the following:

$$\hat{P}_{ij} = \frac{\hat{\theta}_i - \hat{\theta}_j}{X_{ij}} = Q^T z = Q_+^T z_+ + Q_-^T z_-, \tag{17}$$

where $Q^T = (M_i - M_j)/X_{ij}$ (with $M_i$ the $i$-th row of $M$). The
positive and negative arrays of this vector are shown with $Q_+^T$ and
$Q_-^T$, respectively. These coefficient vectors divide the measurements
into two groups $z_+$ and $z_-$, in which adding $z_a > 0$ to any array
of $z_+$ and $z_-$ will increase and decrease the estimated transmitted
power flow, respectively. In this paper, the measurements in $z_+$ and
$z_-$ are considered as group $\mathcal{M}$ and $\mathcal{N}$,
respectively⁹. After defining these groups, the attacker tries to insert
undetectable bad data into the measurements. Assume $z = z_0$ is the
measurement values without corruption (safe mode). From (7), the residue
for safe mode will be:

$$r_0 = z_0 - H\hat{\theta} = z_0 - H(Mz_0). \tag{18}$$

In the case of attack, $z = z_0 + z_a$ and the residue will be,

$$r = z - H\hat{\theta} = z_0 + z_a - H(Mz_0 + Mz_a) = z_0 - HMz_0 + z_a - HMz_a = r_0 + r_a, \tag{19}$$



where $r_a = (I - HM)z_a$. From the triangular inequality,

$$\|r\| \le \|r_0\| + \|r_a\|, \tag{20}$$

this equation shows that if $\|r_a\| = \|(I - HM)z_a\|$ is small, then
with large probability the control center cannot distinguish between
$\|r\|$ and $\|r_0\|$. So the inserted attack will pass the bad data
detection if $\|(I - HM)z_a\| < \xi$. In this constraint $\xi$ is a
design parameter for the attacker. Smaller values of $\xi$ will be more
likely to be undetected by the control center. However, the ability to
manipulate the state estimation will be limited; we assume $\xi$ is
predetermined by the attacker. In order to change congestion, the
attacker will define the inserted false data using the following
optimization,

$$\max_{z_a} \; \sum_{i \in \{\mathcal{M}\}} z_a(i) - \sum_{j \in \{\mathcal{N}\}} z_a(j) \tag{21}$$

s.t.

$$\|(I - HM)z_a\| < \xi,$$
$$z_a(k) = 0 \quad \forall k \in \{\mathcal{SM}\},$$

where $z_a(i)$ is the $i$-th element of the attack vector $z_a$. Groups
$\mathcal{M}$ and $\mathcal{N}$ consist of measurements for which
increasing and decreasing their value, respectively, will increase the
congestion. The objective of the above optimization is to increase and
decrease the measurement values in group $\mathcal{M}$ and $\mathcal{N}$,
respectively. The first constraint is for avoiding detection of the
attack by the bad data detector in the state estimator. Group
$\mathcal{SM}$ shows the safe measurements that cannot be compromised
(such as those protected by Phasor Measurement Units).

8 Attacker can carry out stealth attacks by corrupting the power flow
measurements through attacking the Remote Terminal Units (RTUs),
tampering with the heterogeneous communication network or breaking into
the Supervisory Control and Data Acquisition (SCADA) system through the
control center office Local Area Network (LAN) [14], [15].

9 It is assumed that the attacker knows $H$ (and consequently $M$).
Knowing the location of attack, from (17), the attacker can distinguish
the measurements in group $\mathcal{M}$ and $\mathcal{N}$.

By inserting the resulting attack vector $z_a$ into the actual values of
the measurements ($z = z_0 + z_a$), the attacker will change the
estimated transmitted power in the attacked line. From (17), this change
will be



X; 



(22) 



While the attacker tries to increase this change, the defender tries to
decrease it by defending the measurements that have a high risk of being
attacked. Changing the estimated power flow in a specific line will
increase the chance of changing prices on both sides of the attacked
line¹⁰. Either increasing or decreasing congestion can bring financial
benefits for the attacker.

1) Decreasing The Congestion: In the day-ahead market the attacker buys
at the lower price $LMP_i^{DA}$ and sells at the higher price
$LMP_j^{DA}$ ($LMP_i^{DA} < LMP_j^{DA}$). The difference of the two
prices should be paid to the transmission company as the congestion
price. In the real-time market, because of decreasing congestion, the
congestion price paid by the attacker is less than the supposed
congestion price in the day-ahead market, so the profit of this trade in
($/MWh) will be:

$$\text{Profit} = \text{Congestion}^{DA}_{price} - \text{Congestion}^{RT}_{price} = (LMP_j^{DA} - LMP_i^{DA}) - (LMP_j^{RT} - LMP_i^{RT}). \tag{23}$$

2) Increasing the congestion: Increasing the transmitted power from bus
$i$ to bus $j$ can create congestion in line $L_{ij}$. This congestion
increases/decreases the price of electricity in the receiving/sending end
of the transmission line. So the attacker needs to buy a Financial
Transmission Right (FTR) from sending bus $i$ to ending bus $j$. An FTR
is a financial contract to hedge congestion charges. The FTR holder has
access to a specific transmission line in a defined time and location to
transmit a specific value of power. In the real-time market, with
congestion created, the FTR can be sold (at a higher price) to any Load
Serving Entities (LSE's).

10 The attacker doesn't have access to all data such as the submitted
prices, generation limits, etc. So by changing the estimated transmitted
power in the desired direction, the attacker increases the chance of
creating or releasing congestion in the attacked line.

In the next section, we will analyze the behavior of both attacker and
defender in the real-time market. The limit on how many measurements can
be attacked or defended makes a difficult situation for both parties. The
mathematical modeling of this behavior in the next section is an
efficient answer to the questions "where should I attack?" and "where
should I defend?" for the attacker and the defender, respectively.

V. Gaming Between Attacker and Defender 

In order to protect line $L$, the defender needs to protect group
$\mathcal{M}$ and group $\mathcal{N}$. Because the inserted attack will
pass the BDD in state estimation (first constraint in (21)), the control
center should use some other detection methods. For example, the defender
can put some secure measurements into random locations in the network.
The main problem in this procedure is that defending all measurements is
not possible. On the other hand, it is impossible for the attacker to
attack all measurements. Instead it tries to attack measurements that
have the most effect on the state estimator without being detected by the
control center. This behavior can be modeled with a zero-sum strategic
game between the attacker and the defender¹¹.

A. Two-Person Zero-Sum Game Between Attacker and Defender

Define $A = (\mathcal{R}, (S_i)_{i \in \mathcal{R}}, (U_i)_{i \in \mathcal{R}})$
as a game, in which the attacker and the defender compete to increase and
decrease the change of the estimated transmitted power
($\Delta P_{ij}$), respectively. In this game, $\mathcal{R}$ is the set
of players (the defender and the attacker), and the game can be defined
as:

• Players set: $\mathcal{R} = \{1, 2\}$ (the defender and the attacker).

• Attacker's strategy: to choose measurements to attack.

• Strategy set $S_i$: The set of available strategies for player $i$,
$S_1 = \{{}^{a}C_{N_a}\}$, $S_2 = \{{}^{a}C_{N_d}\}$, where $N_a$ and
$N_d$ are the maximum number of measurements that the attacker can attack
and the defender can defend, and ${}^{a}C_{N_a}$ is the combination of
$N_a$ measurements out of $a$ measurements.

• Utility: $U_1 = \Delta P_{ij}$ and $U_2 = -\Delta P_{ij}$ for the
attacker and the defender, respectively.

11 In the case that there are different non-cooperative attackers, they
will have the worst performance. But if the attackers are cooperative, it
is the worst case for the defender. In this paper, we consider the worst
case by assuming all attackers are together as one party. So we formulate
the problem as the two-user zero-sum game. If the attackers are
non-cooperative, some games such as the Stackelberg game can be employed.
These games are interesting topics which need future investigation.

B. Noncooperative Finite Games: Two-Person Zero-Sum

A strategic game is a model of interactive decision-making, in which each
decision-maker chooses its plan of action once and for all, and these
choices are made simultaneously. For a given $(m \times n)$ matrix game
$A = \{a_{ij} : i = 1, \ldots, m; j = 1, \ldots, n\}$, let {row $i^*$,
column $j^*$} be a pair of strategies adopted by the players. Then, if
the pair of inequalities

$$a_{i^*j} \le a_{i^*j^*} \le a_{ij^*} \tag{24}$$

is satisfied for all $i = 1, \ldots, m$ and $j = 1, \ldots, n$, the
two-person zero-sum game is said to have a saddle point in pure
strategies. The strategies {row $i^*$, column $j^*$} are said to
constitute a saddle-point equilibrium. Or simply, they are said to be the
saddle-point strategies. The corresponding outcome $a_{i^*j^*}$ of the
game is called the saddle-point value. If a two-person zero-sum game
possesses a single saddle point, the value of the game is uniquely given
by the value of the saddle point. However, mixed strategies are used to
obtain an equilibrium solution in matrix games that do not possess a
saddle point in pure strategies. A mixed strategy for a player is a
probability distribution on the space of its pure strategies. Given an
$(m \times n)$ matrix game
$A = \{a_{ij} : i = 1, \ldots, m; j = 1, \ldots, n\}$, the frequencies
with which different rows and columns of the matrix are chosen by the
defender and the attacker will converge to their respective probability
distributions that characterize the strategies. In this way, the average
value of the outcome of the game is equal to

$$J(y, w) = \sum_{i=1}^{m} \sum_{j=1}^{n} y_i a_{ij} w_j = y'Aw, \tag{25}$$

where $y$ and $w$ are the probability distribution vectors defined by

$$y = (y_1, \ldots, y_m)', \quad w = (w_1, \ldots, w_n)'. \tag{26}$$

The defender wants to minimize $J(y, w)$ by an optimum choice of a
probability distribution vector $y \in Y$, while the attacker wants to
maximize the same quantity by choosing an appropriate $w \in W$. The sets
$Y$ and $W$ are

$$Y = \{y \in \mathbb{R}^m : y \ge 0, \; \sum_{i=1}^{m} y_i = 1\}, \tag{27}$$

$$W = \{w \in \mathbb{R}^n : w \ge 0, \; \sum_{j=1}^{n} w_j = 1\}. \tag{28}$$

Given an $(m \times n)$ matrix game $A$, a vector $y^*$ is known as a
mixed security strategy for the defender if the following inequality
holds $\forall y \in Y$:

$$\bar{V}_m(A) = \max_{w \in W} y^{*\prime}Aw \le \max_{w \in W} y'Aw, \quad y \in Y. \tag{29}$$

And the quantity $\bar{V}_m(A)$ is known as the average security level of
the defender. We can also define the average security level of the
attacker as $\underline{V}_m(A)$ if the following inequality holds for
all $w \in W$:

$$\underline{V}_m(A) = \min_{y \in Y} y'Aw^* \ge \min_{y \in Y} y'Aw, \quad w \in W. \tag{30}$$

The two inequalities can also be given as:

$$\bar{V}_m(A) = \min_{Y} \max_{W} y'Aw, \tag{31}$$

$$\underline{V}_m(A) = \max_{W} \min_{Y} y'Aw. \tag{32}$$

However, it always holds true that
$\underline{V}_m(A) = \bar{V}_m(A)$ for a two-person zero-sum game in the
mixed strategies. In this way, for an $(m \times n)$ matrix game $A$, $A$
has a saddle point in the mixed strategies, and $V_m(A)$ is uniquely
given by

$$\bar{V}_m(A) = \underline{V}_m(A) = V_m(A). \tag{33}$$

We can see that if the players are able to use mixed strategies, the
matrix games always have a saddle-point solution $V_m(A)$ as the only
solution in the zero-sum two-person game.

C. Computation of A Two-Person Zero-Sum Game

One way to get the saddle point in the mixed strategies is to convert the
original matrix game into a linear programming (LP) problem. Given
$A = \{a_{ij} : i = 1, \ldots, m; j = 1, \ldots, n\}$ with all entries
positive (i.e., $a_{ij} > 0$), the average value of the game in mixed
strategies is given by

$$V_m(A) = \min_{Y} \max_{W} y'Aw = \max_{W} \min_{Y} y'Aw. \tag{34}$$

Obviously, $V_m(A)$ must be a positive quantity on $A$. Furthermore, the
expression can also be written as

$$\min_{y \in Y} v_1(y), \tag{35}$$

where $v_1(y)$ is defined as

$$v_1(y) = \max_{W} y'Aw \ge y'Aw, \quad \forall w \in W. \tag{36}$$

In addition, it can also be written as

$$A'y \le 1_n v_1(y), \quad 1_n = (1, \ldots, 1)' \in \mathbb{R}^n. \tag{37}$$

Now the mixed security strategy for the defender is to

$$\min v_1(y) \tag{38}$$

s.t.

$$A'\tilde{y} \le 1_n,$$
$$\tilde{y}'1_m = [v_1(y)]^{-1},$$
$$y = \tilde{y} v_1(y),$$
$$\tilde{y} \ge 0,$$

where $\tilde{y}$ is defined as $y/v_1(y)$. This is further equivalent to
the maximization problem

$$\max_{\tilde{y}} \; \tilde{y}'1_m \tag{39}$$

s.t.

$$A'\tilde{y} \le 1_n,$$
$$\tilde{y} \ge 0,$$

which is a standard LP problem.

Similarly, we can get the standard LP problem for the attacker

$$\min_{\tilde{w}} \; \tilde{w}'1_n \tag{40}$$

s.t.

$$A\tilde{w} \ge 1_m,$$
$$\tilde{w} \ge 0,$$

where $\tilde{w}$ is defined as $w/v_2(w)$ and

$$v_2(w) = \min_{Y} y'Aw \le y'Aw, \quad \forall y \in Y. \tag{41}$$
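The LP (39) solved end to end with a small exact simplex, with the attacker's mix read from the dual (40); this is an added example, not code from the paper. The payoff matrix is constructed: three insecure measurements with made-up gains, the attacker compromises one, the defender protects one, and a protected measurement yields zero. The code first shifts the matrix so that the $a_{ij} > 0$ assumption of the derivation holds.

```python
"""Added illustration: mixed saddle point of a matrix game via the LP (39),
with the attacker's strategy read from the LP dual (40)."""
from fractions import Fraction as Fr

# Constructed example: gain in estimated flow change if a measurement is
# compromised while unprotected; zero if the defender protects it.
GAINS = {"z1": 3, "z4": 4, "z5": 6}
PAYOFF = [[0 if d == a else g for a, g in GAINS.items()] for d in GAINS]


def pure_security_levels(A):
    """(min over rows of the row max, max over columns of the column min)."""
    upper = min(max(row) for row in A)
    lower = max(min(col) for col in zip(*A))
    return upper, lower


def solve_matrix_game(A):
    """Rows: defender (minimizer). Columns: attacker (maximizer).
    Returns (value, y, w) as exact fractions."""
    m, n = len(A), len(A[0])
    # The LP form needs a_ij > 0. Adding a constant to every entry shifts
    # the value by that constant and leaves the optimal strategies unchanged.
    shift = max(0, 1 - min(min(row) for row in A))
    # Tableau for: max 1'yt  s.t.  sum_i (a_ij + shift) * yt_i + s_j = 1.
    T = [[Fr(A[i][j]) + shift for i in range(m)]
         + [Fr(int(k == j)) for k in range(n)] + [Fr(1)] for j in range(n)]
    obj = [Fr(-1)] * m + [Fr(0)] * (n + 1)
    basis = [m + j for j in range(n)]
    while True:
        # Bland's rule: lowest-index improving column, ties by basis index.
        enter = next((c for c in range(m + n) if obj[c] < 0), None)
        if enter is None:
            break
        rows = [r for r in range(n) if T[r][enter] > 0]
        leave = min(rows, key=lambda r: (T[r][-1] / T[r][enter], basis[r]))
        piv = T[leave][enter]
        T[leave] = [x / piv for x in T[leave]]
        for r in range(n):
            if r != leave and T[r][enter] != 0:
                f = T[r][enter]
                T[r] = [x - f * p for x, p in zip(T[r], T[leave])]
        f = obj[enter]
        obj = [x - f * p for x, p in zip(obj, T[leave])]
        basis[leave] = enter
    v_shifted = 1 / obj[-1]            # optimum of (39) equals 1 / value
    yt = [Fr(0)] * m
    for r, b in enumerate(basis):
        if b < m:
            yt[b] = T[r][-1]
    y = [v * v_shifted for v in yt]    # y = yt * v_1, as in (38)
    # Dual values sit in the objective row under the slack columns: wt of (40).
    w = [obj[m + j] * v_shifted for j in range(n)]
    return v_shifted - shift, y, w


if __name__ == "__main__":
    print("pure security levels:", pure_security_levels(PAYOFF))
    value, y, w = solve_matrix_game(PAYOFF)
    print("value:", value)
    print("defender mix:", dict(zip(GAINS, y)))
    print("attacker mix:", dict(zip(GAINS, w)))
```

In the constructed game the defender protects the highest-gain measurement most often and the attacker targets it least often, which is the mixed-strategy behaviour the LP formulation is meant to expose.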



TABLE I
Line reactance and thermal limit for 5-bus test system

Line          L12    L14    L15    L23    L34    L45
X (%)         2.81   3.04   0.64   1.08   2.97   2.97
P^max (MW)    999    999    999    999    999    240


VI. Numerical Results 

In this section, we analyze the effect of attack on the PJM 5-bus test
system in [30] with slight modifications. Transmission lines' parameters
are given in Tables I and II. Generators' and loads' parameters
(including $G_i^{max}$, $C_i$, and $D_i$) together with the location of
measurements are shown in Figure 2. Solving (10) for the day-ahead market
shows that $L_{54}$ (line from B5 to B4) is congested. Here the attacker
chooses $L_{54}$ to attack. Knowing $H$, from (17) the attacker obtains
Q = [0.2 0.05 0.19 0.25 0.04 -0.04 -0.08 -0.13 0.18 0.05].
Positive and negative arrays of this vector correspond to the $z_+$ and
$z_-$ vectors, respectively, i.e.,
$z_+ = [z_1, z_2, z_4, z_5, z_6, z_{10}]$ and $z_- = [z_7, z_8, z_9]$.
The greater values of $Q(i)$ correspond to measurements that have more
effect on $P_{ij}$. Suppose there are 4 insecure measurements
$\{z_1, z_4, z_5, z_{10}\}$ and the attacker can compromise 2 of them;
also the defender can defend 2 measurements simultaneously. So the
attacker should choose 2 measurements among these measurements that have
more effect on $P_{ij}$ and a sufficiently low probability of detection
by the defender. In this example, the attacker can choose from strategy
set
$S_1 = \{z_1z_4, z_1z_5, z_1z_{10}, z_4z_5, z_4z_{10}, z_5z_{10}\}$, and
the defender can choose from strategy set
$S_2 = \{z_1z_4, z_1z_5, z_1z_{10}, z_4z_5, z_4z_{10}, z_5z_{10}\}$. It
is assumed that if the attacker, for example, chooses $\{z_iz_j\}$ (to
attack measurements $i$ and $j$, $i \ne j$) and the defender chooses
$\{z_iz_k\}$ (to defend measurements $i$ and $k$, $i \ne k$),
compromising $\{z_j\}$ will be successful, and the change in $P_{ij}$ is
only because of compromising $\{z_j\}$. If
$\xi = [5\,\text{MW}, \ldots, 5\,\text{MW}]'$ ($12 \times 1$), solving
(21) and (22) gives $\Delta P_{54} = U_1 = -U_2$. As Figure 3 shows,
these payoffs are the results of different attack and defend strategies
(which both players take). The attacker and defender in this game are not
aware of the sequence of play. Also one player has no idea about the
other player's action. These situations are described by a normal form
zero-sum game in Table III.

TABLE II

Generation shift factors of lines in 5-bus test system

Line \ Bus    B1        B2        B3        B4    B5
L1-2          0.1939    -0.476    -0.349          0.1595
L1-4          0.4376    0.258     0.1895          0.36
L1-5          0.3685    0.2176    0.1595          -0.5195
L2-3          0.1939    0.5241    -0.349          0.1595
L3-4          0.1939    0.5241    0.6510          0.1595
L5-4          0.3685    0.2176    0.1595          0.4805



Fig. 2. Measurement configuration in PJM 5-bus test system

Table III shows that $\min(\max_{\text{row}}) = 3.21$, which is not equal
to $\max(\min_{\text{column}}) = 0$. So there is no $x^{*}$ that satisfies (24).
Therefore, the game doesn't have a single saddle point and
the problem shifts to finding the proportion of times that the
attacker and the defender play their own strategies. Solving
such a game (which does not have a single saddle point) is a
linear programming problem. From (39), the defender defines $\tilde{y}$, and we have

$$
\begin{aligned}
\max_{\tilde{y}}\quad & \tilde{y}'\mathbf{1}_m \\
\text{s.t.}\quad
& 1.17\tilde{y}_2 + 1.17\tilde{y}_3 + 1.28\tilde{y}_4 + 1.28\tilde{y}_5 + 3.2\tilde{y}_6 \le 1, \\
& 3.14\tilde{y}_1 + 3.14\tilde{y}_3 + 1.28\tilde{y}_4 + 5.35\tilde{y}_5 + 1.28\tilde{y}_6 \le 1, \\
& 2.81\tilde{y}_1 + 2.81\tilde{y}_2 + 4.43\tilde{y}_4 + 1.28\tilde{y}_5 + 1.28\tilde{y}_6 \le 1, \\
& 3.14\tilde{y}_1 + 1.17\tilde{y}_2 + 5\tilde{y}_3 + 3.14\tilde{y}_5 + 1.17\tilde{y}_6 \le 1, \\
& 2.81\tilde{y}_1 + 5\tilde{y}_2 + 1.17\tilde{y}_3 + 2.81\tilde{y}_4 + 1.17\tilde{y}_6 \le 1, \\
& 4.84\tilde{y}_1 + 2.81\tilde{y}_2 + 3.14\tilde{y}_3 + 2.81\tilde{y}_4 + 3.14\tilde{y}_5 \le 1, \\
& \tilde{y}_1, \tilde{y}_2, \tilde{y}_3, \tilde{y}_4, \tilde{y}_5, \tilde{y}_6 \ge 0,
\end{aligned}
\tag{42}
$$

which gives $\tilde{y}$ = [0 0.049 0.134 0.136 0.018 0.183].
Therefore, $y = \tilde{y}\,v_1(y) = \tilde{y}(\tilde{y}'\mathbf{1}_m)^{-1}$ =
[0 0.094 0.26 0.262 0.0347 0.35]. Similarly, solving (40)
for the attacker gives $\tilde{w}$ = [0.29 0.02 0.019 0.019 0.174],
and therefore, $w = \tilde{w}\,v_2(w) = \tilde{w}(\tilde{w}'\mathbf{1}_m)^{-1}$ =
[0.556 0.038 0.036 0.037 0.333].
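The defender's mixing proportions can be recomputed directly from the payoffs of Table III. The Python below is an added example, not code from the paper: it checks the pure-strategy bounds, solves LP (39) with a small tableau simplex and reads the attacker's mix off the dual values. The matrix layout, the function names and the zero diagonal are assumptions of this example.

```python
# Table III payoffs: rows = defender y1..y6, columns = attacker w1..w6, both over
# z1z4, z1z5, z1z10, z4z5, z4z10, z5z10. Assumption: the diagonal (defended pair ==
# attacked pair) is 0, which is what max(min) = 0 in the text implies.
A = [
    [0.00, 3.14, 2.81, 3.14, 2.81, 4.84],
    [1.17, 0.00, 2.81, 1.17, 5.00, 2.81],
    [1.17, 3.14, 0.00, 5.00, 1.17, 3.14],
    [1.28, 1.28, 4.43, 0.00, 2.81, 2.81],
    [1.28, 5.35, 1.28, 3.14, 0.00, 3.14],
    [3.21, 1.28, 1.28, 1.17, 1.17, 0.00],
]

def pure_bounds(a):
    """(max of column minima, min of row maxima); equal only at a saddle point."""
    return max(min(c) for c in zip(*a)), min(max(r) for r in a)

def solve_game(a, eps=1e-9):
    """Simplex on LP (39): max 1'y~ s.t. A'y~ <= 1, y~ >= 0.
    Returns (game value, defender mix y, attacker mix w)."""
    m, n = len(a), len(a[0])
    # One tableau row per attacker column j: sum_i a[i][j]*y~_i + slack_j = 1
    tab = [[a[i][j] for i in range(m)] + [float(k == j) for k in range(n)] + [1.0]
           for j in range(n)]
    cost = [-1.0] * m + [0.0] * (n + 1)      # reduced costs, last cell = objective
    basis = [m + j for j in range(n)]        # start from the all-slack basis
    while True:
        # Bland's rule: lowest-index column with a negative reduced cost
        col = next((c for c in range(m + n) if cost[c] < -eps), None)
        if col is None:
            break
        # Ratio test; ties broken by lowest basic-variable index
        _, _, row = min((tab[r][-1] / tab[r][col], basis[r], r)
                        for r in range(n) if tab[r][col] > eps)
        piv = tab[row][col]
        tab[row] = [v / piv for v in tab[row]]
        for r in range(n):
            if r != row:
                f = tab[r][col]
                tab[r] = [v - f * p for v, p in zip(tab[r], tab[row])]
        f = cost[col]
        cost = [v - f * p for v, p in zip(cost, tab[row])]
        basis[row] = col
    y_t = [0.0] * m
    for r, b in enumerate(basis):
        if b < m:
            y_t[b] = tab[r][-1]
    total = sum(y_t)                         # equals 1 / v1
    w_t = cost[m:m + n]                      # dual values = attacker's w~
    return 1 / total, [v / total for v in y_t], [v / total for v in w_t]
```

`solve_game(A)` returns the game value together with both normalized mixes; the value lies strictly between the two pure-strategy bounds from `pure_bounds(A)`, which is why no single measurement pair is a safe fixed choice for the defender.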

Figure 4 shows the proportion of times that the defender and
the attacker should defend and attack different measurements,
respectively. As discussed in Section IV, changing the estimated
transmitted power in line L54 can change the prices
in either bus 5 or bus 4. In the real-time market, the control
center estimates the transmitted power and then, knowing the dispatch
schedule (which is defined in the day-ahead market), estimates the load
level at the different buses. This estimated load together
with the current state of the network is applied to a DCOPF,
and this program defines the real-time prices. If the operating
condition (such as the load level) has not changed and there
is no error in the measurements, the real-time prices should
be the same as the day-ahead prices. Here, without loss of
generality, we assume that the actual load level doesn't change
and any change in the estimated load level is because of bad
data injection to the state estimator.

TABLE III

ZERO-SUM GAME BETWEEN THE ATTACKER AND THE DEFENDER

                     w1      w2      w3       w4      w5       w6
Def. \ Att.          z1z4    z1z5    z1z10    z4z5    z4z10    z5z10
y1    z1z4           0       3.14    2.81     3.14    2.81     4.84
y2    z1z5           1.17    0       2.81     1.17    5        2.81
y3    z1z10          1.17    3.14    0        5       1.17     3.14
y4    z4z5           1.28    1.28    4.43     0       2.81     2.81
y5    z4z10          1.28    5.35    1.28     3.14    0        3.14
y6    z5z10          3.21    1.28    1.28     1.17    1.17     0

The following example shows how the attacker is able to change
the prices in the real-time market. Suppose the attacker compromises
$z_1z_4$ and the defender defends $z_5z_{10}$, so the attack against
$z_1z_4$ is successful. In this case solving (21) gives $z_a$ =
[8.21 8.09 0] (MW). So from ©, estimated
states for all buses will be § = [50 56 65 01 71.6] x 10^ r Ly
Using (17), the estimated transmitted power can be obtained:

$\hat{P}_{54} = 236.59$ (MW)

This power is less than the thermal limit of the
transmission line, which shows that congestion in this line is released.
In this case solving (15) and (16) gives the real-time prices
(here it is assumed that $\Delta G_i^{\max} = -\Delta G_i^{\min} = 0.1$ MW and
$\Delta D_i^{\max} = -\Delta D_i^{\min} = 0$ MW).

Figure 6 shows the prices for the attacked and without-attack
cases. The change of estimated transmitted power in the transmission
lines is shown in Figure 5. Now, assume that in the day-ahead
market, the attacker buys 100 MW of power in bus 5 and sells it
in bus 4. From (23), the profit of this contract will be:

$$
\text{Profit} = [(35 - 20) - (30 - 30)] \times 100 = 1500\ (\$/h). \tag{43}
$$



VII. Conclusion 

In this paper, we first analyzed the effect of compromising
each measurement on the state estimator results. Compromising
these measurements can change the congestion and
consequently the price of electricity, and thus the attacker
has an incentive to change the congestion in the desired
direction. Since a typical power system has a huge number
of measurements, attacking or defending all of them becomes
impossible for the attacker and defender, respectively. To this end,
this behavior is modeled and analyzed in the framework of
game theory. The simulation results on the PJM 5-Bus test system
indicate how, at the specified load level, the attacker can
change the prices in the desired direction (decreasing in this
example).

12 This value is considered as the real-time transmitted power in L54.

Fig. 5. Change in the estimated transmitted power of lines because of attack
to $z_1$ and $z_4$ (horizontal axis: Lij, line from bus i to bus j)